Google Cloud
Security and Compliance

Data Access and Restrictions

We believe the public deserves to know the full extent to which
governments request user information from Google. That’s why we became the
first company to start regularly publishing reports about government data
requests.

Administrative access

To keep data private and secure, Google logically isolates each customer’s G
Suite data from that of other customers and users, even when it’s stored on the
same physical server. Only a small group of Google employees have access to
customer data. For Google employees, access rights and levels are based on
their job function and role, using the concepts of least-privilege and
need-to-know to match access privileges to defined responsibilities. Google
employees are only granted a limited set of default permissions to access
company resources, such as employee email and Google’s internal employee
portal. Requests for additional access follow a formal process that involves a
request and an approval from a data or system owner, manager, or other
executives, as dictated by Google’s security policies. Approvals are managed by
workflow tools that maintain audit records of all changes. These tools control
both the modification of authorization settings and the approval process to
ensure consistent application of the approval policies. An employee’s
authorization settings are used to control access to all resources, including
data and systems for G Suite products. Support services are only provided to
authorized customer administrators whose identities have been verified in
several ways. Googler access is monitored and audited by our dedicated
security, privacy, and internal audit teams.

For customer administrators

Within customer organizations, administrative roles and privileges for G Suite
are configured and controlled by the customer. This means that individual team
members can manage certain services or perform specific administrative
functions without gaining access to all settings and data. Integrated audit
logs offer a detailed history of administrative actions, helping customers
monitor internal access to data and adherence to their own policies.

Law enforcement data requests

The customer, as the data owner, is primarily responsible for responding to law
enforcement data requests; however, like other technology and communications
companies, Google may receive direct requests from governments and courts
around the world about how a person has used the company’s services. We take
measures to protect customers’ privacy and limit excessive requests while also
meeting our legal obligations. Respect for the privacy and security of data you
store with Google remains our priority as we comply with these legal requests.
When we receive such a request, our team reviews the request to make sure it
satisfies legal requirements and Google’s policies. Generally speaking, for us
to comply, the request must be made in writing, signed by an authorized
official of the requesting agency and issued under an appropriate law. If we
believe a request is overly broad, we’ll seek to narrow it, and we push back
often and when necessary. For example, in 2006 Google was the only major search
company that refused a U.S. government request to hand over two months of user
search queries. We objected to the subpoena, and eventually a court denied the
government’s request. In some cases we receive a request for all information
associated with a Google account, and we may ask the requesting agency to limit
it to a specific product or service. We believe the public deserves to know the
full extent to which governments request user information from Google. That’s
why we became the first company to start regularly publishing reports about
government data requests. Detailed information about data requests and Google’s
response to them is available in our Transparency Report. It is Google’s policy to notify
customers about requests for their data unless specifically prohibited by law
or court order.

Third-party suppliers

Google directly conducts virtually all data processing activities to provide
our services. However, Google may engage some third-party suppliers to provide services related to G Suite,
including customer and technical support. Prior to onboarding third-party
suppliers, Google conducts an assessment of the security and privacy practices
of third-party suppliers to ensure they provide a level of security and privacy
appropriate to their access to data and the scope of the services they are
engaged to provide. Once Google has assessed the risks presented by the
third-party supplier, the supplier is required to enter into appropriate
security, confidentiality, and privacy contract terms.